By msmash from Slashdot's problem-solved department
Determining how to prevent acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption. From a report: HTTPS prevents governments and others from seeing the specific page users are visiting. For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square. Up until 2015, Wikipedia offered its service using both HTTP and HTTPS, which meant that when countries like Pakistan or Iran blocked certain articles on the HTTP version of Wikipedia, the full version would still be available using HTTPS. But in June 2015, Wikipedia decided to axe HTTP access and only offer access to its site with HTTPS. [...] The Harvard researchers began by deploying an algorithm which detected unusual changes in Wikipedia's global server traffic for a year beginning in May 2015. This data was then combined with a historical analysis of the daily request histories for some 1.7 million articles in 286 different languages from 2011 to 2016 in order to determine possible censorship events. [...] After a painstakingly long process of manual analysis of potential censorship events, the researchers found that, globally, Wikipedia's switch to HTTPS had a positive effect on the number of censorship events by comparing server traffic from before and after the switch in June of 2015.
By msmash from Slashdot's other-side-of-India department
An anonymous reader shares an article: Kanishk Sajnani did not receive so much as a thank you from a major Indian airline when he contacted them with alarming news -- he had hacked their website and could book flights anywhere in the world for free. It was a familiar tale for India's army of "ethical hackers," who earn millions protecting foreign corporations and global tech giants from cyber attacks but are largely ignored at home, their skills and altruism misunderstood or distrusted. India produces more ethical hackers -- those who break into computer networks to expose, rather than exploit, weaknesses -- than anywhere else in the world. The latest data from BugCrowd, a global hacking network, showed Indians raked in the most "bug bounties" -- rewards for red-flagging security loopholes. Facebook, which has long tapped hacker talent, paid more to Indian researchers in the first half of 2016 than any other researchers. Indians outnumbered all other bug hunters on HackerOne, another registry of around 100,000 hackers. One anonymous Indian hacker -- "Geekboy" -- has found more than 700 vulnerabilities for companies like Yahoo, Uber and Rockstar Games. Most are young "techies" -- software engineers swelling the ranks of India's $154-billion IT outsourcing sector whose skill set makes them uniquely gifted at cracking cyber systems.
By msmash from Slashdot's as-expected department
James Titcomb, writing for The Telegraph: Technology industry demands for special measures to let companies hire foreign workers after Brexit have been boosted by a surge in demand for technology visas. Tech City UK, the government organisation that processes applications for the dedicated "Tier 1 Exceptional Talent" visa, said successful applications had more than quadrupled in the last 12 months, with 260 endorsed in the last fiscal year. It follows fears in the British tech community that access to skilled computer coders would be hit by restrictions to freedom of movement when the UK leaves the EU. David Cameron introduced the tech visa scheme in 2014 in a bid to make London the technology capital of Europe and rival Silicon Valley as a destination for start-ups, and amid fears of a shortage of skilled coders in the UK. The "Tech Nation" visa scheme allows Tech City UK to endorse applications from non-EU workers, and lets successful applicants stay in the country for five years, after which they can apply to settle. Just a handful of visas were granted in its first few months, due to what were seen as onerous requirements, and the rules were relaxed in 2015. Applications have soared since then, and rose again after the Brexit vote.
By msmash from Slashdot's shape-of-things-to-come department
The United States might ban laptops from aircraft cabins on all flights into and out of the country as part of a ramped-up effort to protect against potential security threats, U.S. Homeland Security Secretary John Kelly said on Sunday. From a report: In an interview on "Fox News Sunday," Kelly said the United States planned to "raise the bar" on airline security, including tightening screening of carry-on items. "That's the thing that they are obsessed with, the terrorists, the idea of knocking down an airplane in flight, particularly if it's a U.S. carrier, particularly if it's full of U.S. people." In March, the government imposed restrictions on large electronic devices in aircraft cabins on flights from 10 airports, including the United Arab Emirates, Qatar and Turkey. Kelly said the move would be part of a broader airline security effort to combat what he called "a real sophisticated threat." He said no decision had been made as to the timing of any ban. "We are still following the intelligence," he said, "and are in the process of defining this, but we're going to raise the bar generally speaking for aviation much higher than it is now."
By EditorDavid from Slashdot's world-domination department
Just how many developers are there out there? GitHub is very well placed to know, given it's where (so much) of that development happens today. It has telemetry-based numbers, with their own skew of course, but based on usage rather than surveys or estimates. According to GitHub CEO Chris Wanstrath, "We see 20 million professional devs in the world as an estimate, from research companies. Well we have 21 million [active] users -- we can't have more users than the entire industry"...
If GitHub has 21 million active users, Wanstrath is right that current estimates of the size of the developer population must be far too low... Are we under-counting China, for example, given its firewalls? India continues to crank out developers at an astonishing rate. Meanwhile Africa is set for crazy growth too... You certainly can't just count computer science graduates or software industry employees anymore. These days you can't even be an astronomer without learning code, and that's going to be true of all scientific disciplines.
The analyst attributes the increasing number of developers to "the availability, accessibility and affordability of tools and learning," adding "It's pretty amazing to think that GitHub hit 5 million users in 2012, and is now at 20 million." As for the total number of all developers, he offers his own estimate at the end of the essay. "My wild assed guess would be more like 35 million."
By EditorDavid from Slashdot's xyzzy department
An anonymous reader writes:
Open source guru Eric S. Raymond added something special to his GitHub page: an open source version of the world's first text adventure. "Colossal Cave Adventure" was first written in 1977, and Raymond remembers it as "the origin of many things; the text adventure game, the dungeon-crawling D&D (computer) game, the MOO, the roguelike genre. Computer gaming as we know it would not exist without ADVENT (as it was known in its original PDP-10 incarnation...because PDP-10 filenames were limited to six characters of uppercase)...
"Though there's a C port of the original 1977 game in the BSD game package, and the original FORTRAN sources could be found if you knew where to dig, Crowther & Woods's final version -- Adventure 2.5 from 1995 -- has never been packaged for modern systems and distributed under an open-source license. Until now, that is. With the approval of its authors, I bring you Open Adventure."
Calling it one of the great artifacts of hacker history, ESR writes about "what it means to be respectful of an important historical artifact when it happens to be software," ultimately concluding version control lets you preserve the original and continue improving it "as a living and functional artifact. We respect our history and the hackers of the past best by carrying on their work and their playfulness."
"Despite all the energy Crowther and Woods had to spend fighting ancient constraints, ADVENT was a tremendous imaginative leap; there had been nothing like it before, and no text adventure that followed it would be innovative to quite the same degree."
By EditorDavid from Slashdot's homeland-insecurity department
An anonymous reader quotes CNN:
U.S. senators want people to hack the Department of Homeland Security. On Thursday, Senators Maggie Hassan, a Democrat, and Republican Rob Portman introduced the Hack DHS Act to establish a federal bug bounty program in the DHS... It would be modeled off the Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force... The Hack the DHS Act establishes a framework for bug bounties, including establishing "mission-critical" systems that aren't allowed to be hacked, and making sure researchers who find bugs in DHS don't get prosecuted under the Computer Fraud and Abuse Act. "It's better to find vulnerabilities through someone you have engaged with and vetted," said Jeff Greene, the director of government affairs and policy at security firm Symantec. "In an era of constrained budgets, it's a cost-effective way of identifying vulnerabilities"... If passed, it would be among the first non-military bug bounty programs in the public sector.
By EditorDavid from Slashdot's 26-years-in-the-making department
70-year-old Walt Mossberg wrote his last weekly column Thursday, looking back on how "we've all had a hell of a ride for the last few decades" and revisiting his famous 1991 pronouncement that "Personal computers are just too hard to use, and it isn't your fault."
Not only were the interfaces confusing, but most tech products demanded frequent tweaking and fixing of a type that required more technical skill than most people had, or cared to acquire. The whole field was new, and engineers weren't designing products for normal people who had other talents and interests. But, over time, the products have gotten more reliable and easier to use, and the users more sophisticated... So, now, I'd say: "Personal technology is usually pretty easy to use, and, if it's not, it's not your fault." The devices we've come to rely on, like PCs and phones, aren't new anymore. They're refined, built with regular users in mind, and they get better each year. Anything really new is still too close to the engineers to be simple or reliable.
He argues we're now in a strange lull before entering an unrecognizable world where major new breakthroughs in areas like A.I., robotics, smart homes, and augmented reality lead to "ambient computing", where technology itself fades into the background. And he uses his final weekly column to warn that "if we are really going to turn over our homes, our cars, our health and more to private tech companies, on a scale never imagined, we need much, much stronger standards for security and privacy than now exist. Especially in the U.S., it's time to stop dancing around the privacy and security issues and pass real, binding laws."
By EditorDavid from Slashdot's protesting-a-pipeline department
An anonymous reader writes:
"A shadowy international mercenary and security firm known as TigerSwan targeted the movement opposed to the Dakota Access Pipeline with military-style counterterrorism measures," reports The Intercept, decrying "the fusion of public and private intelligence operations." Saying the private firm started as a war-on-terror contractor for the U.S. military and State Department, the site details "sweeping and invasive" surveillance of protesters, citing over 100 documents leaked by one of the firm's contractors.
The documents show TigerSwan even harvested information about the protesters from social media, and "provide extensive evidence of aerial surveillance and radio eavesdropping, as well as infiltration of camps and activist circles... The leaked materials not only highlight TigerSwan's militaristic approach to protecting its client's interests but also the company's profit-driven imperative to portray the nonviolent water protector movement as unpredictable and menacing enough to justify the continued need for extraordinary security measures... Internal TigerSwan communications describe the movement as 'an ideologically driven insurgency with a strong religious component' and compare the anti-pipeline water protectors to jihadist fighters."
The Intercept reports that recently "the company's role has expanded to include the surveillance of activist networks marginally related to the pipeline, with TigerSwan agents monitoring 'anti-Trump' protests from Chicago to Washington, D.C., as well as warning its client of growing dissent around other pipelines across the country." They also report that TigerSwan "has operated without a license in North Dakota for the entirety of the pipeline security operation."
By EditorDavid from Slashdot's knowing-when-you're-awake department
Orome1 quotes Help Net Security: Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up a smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker... "Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams revealed potentially private user interactions for each device we tested," the researchers noted. [PDF] In addition, the article notes, "Separating recorded network traffic into packet streams and associating each stream with an IoT device is not that hard."